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ON THE j-IN VARIANTS OF CM-ELLIPTIC CURVES DEFINED OVER Z p 


ANDREW FIORI 


Abstract. We characterize the possible reductions modulo p of the j-invariants of supersingular 
elliptic curves which admit complex multiplication by a (potentially non-maximal) order O where 
the curve itself is defined over Z p . In particular, we show that the collection of possible j-invariants 
as well as some aspects of the distribution depends on which primes divide the discriminant and 
conductor of the order O. 


1. Introduction 

There are several different ways of framing the results of this paper. Our main object of study 
will be CM-elliptic curves over Z p which are supersingular at p. The results we obtain will primarily 
be directed towards trying to address the following three questions: 

(1) When are there elliptic curves defined over Z p , which (after base extension) admit CM by 
an order O in a quadratic imaginary field K in which p is inert and where p does not divide 
the conductor of O? 

(2) For such curves, what factors affect the possible reductions of their j-invariants modulo p 
amongst the set of all supersingular F p -rational j-invariants? 

(3) Given an F p -rational supersingular j-invariant which admits CM by O, when does there 
exist an elliptic curve defined over Z p , which (after base extension) admits CM by O, which 
reduces to it. 

Thoueh thev are not necissarilv framed in this wav. related questions are treated in |Stal2]. [Mor m 
and |BM04j and some of our results can naturally be viewed as generalizations to the context of 
non-maximal orders. Furthermore, there are natural connections between some of our results and 
those presented in [LV15] . 

We note one natural source of interest in these questions is the following observation of Ernst 
Kani: 

Proposition. Suppose p is unramified in K and does not divide the conductor of O. Then every 
F p elliptic curve which admits CM by O lifts to Z p (with a lifting of its CM to Z p j if and only if 
p does not divide the conductor of the ring Z[j(£j),..., j(E n )\ generated by the j invariants of all 
elliptic curves which admit CM by O. 

Remark 1.1. This ring Z[j(Ei),..., j(E n )\ is a natural order in the ring class field of K associated 
to O, its structure is mysterious. 

The results we will describe are in contrast to what one would obtain for the same questions 
asked for elliptic curves over Z p 2 , the unramified quadratic extension of Z p . In particular, over Z p 2 , 
we have the following answers: 

(1) There are always CM-elliptic curves over Z p 2 which admit CM by O an order in a quadratic 
imaginary field K in which p is inert, and where p does not divide the conductor. 

(2) From the work of Cornut-Vatsal [ CV051 ICV07I| and Jetchev-Kane [ JKllj we have that the 
reductions of the j-invariants of elliptic curves with CM by O are equidistributed among 
the supersingular values in F p 2 (as we vary the conductors O subject to certain congruence 
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conditions). Moreover, for each p and all but finitely many O where p is inert, the map from 
elliptic curves with CM by O to supersingular j-invariants in F p 2 is surjective. 

(3) By the work of Deuring |Deu4l| we know that given a supersingular elliptic curve E with 
CM by O there always exists a lift to an elliptic curve over Z p 2 with CM by O which reduces 
to E (along with its CM). 

The results we obtain are motivated by computations, some of the data from which is presented in 
the Appendix, which gave results which seemed contrary to the above. In particular if we consider 
only the elliptic curves which are defined over Z p then: 

• They are not always surjective onto supersingular F p values as we vary O among 

— maximal orders subject to certain congruence conditions on the discriminant; 

— orders in a certain fixed K subject to certain congruence conditions on the conductor; 

— orders subject to certain congruence conditions on the conductor and discriminant of 
K. 

• The set of possible values, and hence the overall distributions depends on congruence con¬ 
ditions on both the discriminant of K and the conductor of O. 

• For certain congruence conditions on discriminants and conductors there are irreducible 
factors which always appear together, in equal numbers. So the appearance of a given 
factor is not independent on the appearance of another. 

We should emphasize before proceeding that though perhaps unexpected in light of them, the above 
does not actually conflict with the aforementioned equidistribution results. 

This paper is organized as follows: 

• In Section [2] we introduce the relevant background. 

• In Section [3] we state and prove our results. 

• In Section [4] we discuss two natural questions our work leaves open. 

• In the Appendix we discuss the computations and data on which are work is based. 

2. Background 

In this section we will be introducing the results necessary to state and prove our theorems. Much 
of what we are saying is very well known, and can be found in many references on the theory of 
complex multiplication. Some results which are perhaps less well known can be found in [SchlOj . 
|Deu41j . [Ibu82| . |Dor89] or [LV15] . 

Convention. Throughout this paper whenever we write End(E) we shall mean the endomorphism 
algebra of E over an algebraically closed field containing the ring of definition of E. 

We recall the following important facts: 

Theorem 2.1. If E is an elliptic curve over afield of characteristic 0 then either: 

• End(E) = Z, this is the general case. 

• End(E) = O, for O C Q(V~D) an order in a quadratic imaginary field, this is the so-called 
CM-case. 

Convention. We shall say an elliptic curve E admits CM by O if End(-E') ~ O. To say that E 
admits CM does not require that we have chosen a particular isomorphism of O with End(Fl). 

We will be interested in the CM or complex multiplication case in characteristic 0, where we have 
the following classification result: 

Theorem 2.2. The elliptic curve E r = C/(Z © tZ) has End(E) ~ O if and only if 

(1) t E Q(y/—D), that is r generates a (complex) quadratic field, and 

(2) Z + rZc Q(y/~D) is a (projective) O-module. 
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Moreover, for any algebraically closed field C of characteristic 0 the collection of elliptic curves 
which admit CM by O is a principal homogeneous space under the action of C£(0) the ideal class 
group of O. 

Remark 2.3. Note that the collection of elliptic curves E which admit CM by O and the collection 
of pairs ( E,p : O —>• End(E)) of E and an isomorphism of O with End(-E) of a fixed CM-type are 
in bijection. In most contexts this later moduli problem is more natural. However, this moduli 
space never has Z p -points. As we are primarily concerned with the field of definition of E and not 
the field over which CM is obtained we shall be considering instead the “moduli” of elliptic curves 
which admit CM by O. 

Theorem 2.4. If E is an elliptic curve over a field of characteristic p then either: 

• End(E) = Z, this is the general case. 

• End(E) = O, for O C Q(V~D) an order in a quadratic imaginary field in which p splits. 

• End(E) = B, for B a maximal order in a quaternion algebra over (Q) ramified only at p and 

oo. This is the so-called supersingular case. 

From the above we see that if ever we can reduce a CM elliptic curve E at a prime inert in K 
we will obtain a supersingular elliptic curve. In the characteristic p setting it will be this case we 
are most interested in. 

Notation 2.5. Let m € Z + be square free so that K = Q(^/— m) is the quadratic imaginary field 
of discriminant D, denote by Ok its maximal order and O = Oka = Z + f Ok an order of conductor 
f € Z. Denote by: 

Po(X) = H(X-j(C/a)). 

a 

where the product is over a set of representatives a<0 for the class group Ci{0) of O. Denote by 
L the splitting field of Pq{X) over K. 

The following facts are well known, for a reference see for example [SchlO] , 

• Po(X) € Z[X\ and is irreducible over K. 

• L is abelian over I\, with Gal(L/K) ~ C£(0), the action being the natural permutation 
action of C£(0) on the roots. 

• L is galois over Q, the action of Gal(iV/Q) on C£(0) being g i-a g~ 1 so that Gal(J\/Q) is a 
generalized dihedral group. 

• The action of complex conjugation on the ideals of K agrees with the action on the set of 
elliptic curves which admit CM by O, which in turn agrees with the action of Gal(AT/Q). 

• L/K is ramified only at primes over f, whereas L/Q is ramified only at primes over Df. 

We shall denote by IV = Q(j) = Q[X]/(P 0 (X)) C L. 

Based on the above we can conclude the following: 

• If p is inert in K and p does not divide f (or equivalently that = — 1) then p splits 

in L/K. 

• If ^ = — 1 then Po(X) factors as a product of quadratic and linear terms over Z p . 

Remark 2.6. The above agrees with the fact that the reductions of these elliptic curves (together 
with their CM actions) have models over ¥ p 2 , as they are known to be supersingular. 

Proposition 2.7. If p is inert in K and E is an elliptic curve which admits CM by O then the 
reduction of E modulo p is supersingular. In particular, End(E) = B, where B is a maximal order 
in a quaternion algebra ramified only at p and infinity. By reduction we may associate to such a 
curve E the pair (End(E) C End(E)). This mapping gives a bijection between elliptic curves E, 
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which admit CM by O, and isomorphism classes of pairs (O CB) of O with an optimal embedding 
into a maximal order B as above. 

Moreover, there is a natural action of C£{0) on such pairs, that is a<0 takes the pair (O C B) 
to (O C aBcP 1 ). Under this action the set of elliptic curves which admit CM by O is a principal 
homogeneous space under C£(0). In particular End(a * E) = aEnd(£’)a~ 1 . 

The original result of jDor89] is corrected and generalized in |LV 15] . 

From now on we shall be working in the setting where p is split in K and p does not divide f. In 
particular we are assuming that ( —^ ^ = — 1 . 

Proposition 2.8. If Pq{X) has a linear factor over 7L p , the number of such linear factors is 
|Gal(L//i)[2]| the size of the two torsion of the class group. 

Proof. By basic algebraic number theory we must count the size of the conjugacy class of Frobenius. 
This is then a basic property to dihedral groups. □ 


Remark 2.9. If |Gal(L/A')[2]| = 1 then Pq(X) has a unique linear factor over Z p . 

Theorem 2.10 (Deuring). If E corresponds to the data (O C B) then the reduction of E modulo 
p is defined over F p (rather than simply F p 2 ) if and only if B contains r L[ y J—p\. 

See |Deu4l| . 

In jlbu82| Ibukiyama gives a complete classification of the maximal orders B which contain 

An¬ 


notation 2.11. Fix p and q = 3 (mod 8) such that B = (— p, —q ) is the quaternion algebra ramified 
only at p and oo. Fix a, (3 € B such that a 2 = —p, (3 2 = — q and a(3 = —/3a. Choose r E Z such 
that r 2 + p = mq for some m E Z. 

Denote: 


0(p, q,r,m) = Z + Z 


a(l + (3) 1 + /3 (r + a)/3 


■Z 


Z- 


If p = 3 (mod 4) choose r' € Z such that ( r') 2 + p = Am'q for some ml € Z. Denote: 


0'(p, q, r', m') = Z + Z^-^ + Z/3 + Z (r + a ^ , 

2 2 q 


Theorem 2.12 (Ibukiyama). The sets 0(p, q,r,m .) (and O'(p, q,r',mf)) are maximal orders of B, 
their isomorphism classes depend only on q and not on r or m. Moreover, all pairs consisting of a 
maximal order in B with an embedding of AV~P\ are °f the form 0(p,q,r,m) (or 0'(p,q,r',m')) 
with the embedding taking y/~P 

The orders 0(p, q./r, m) and O'(p, q,r',m') are only ever isomorphic if they correspond to the 
j-invariant 1728, equivalently if they admit an embedding o/Zf-^Gp^-]. 

See [Ibu82| . 


Remark 2.13. In 0(p, q,r,m) we may write: 

a( 1 + (3) 

a = 2 


(r + a)(3 


+ qr. 


Remark 2.14. We can count the number of isomorphism classes of 0(p,q,r,m) (respectively 
0'(p, q, r', m')) by looking at the class numbers h p for Z[^/—p\ (and h p for Z[(l + yj—p)/ 2]), we have 
the following standard formulas (for p / 3): 

• The number of supersingular j invariants over F p 2 is n = | _{p — l)/12j + eo + ei 728 , where 
e x is 0 or 1 depending on if x is supersingular at p. 

• If p = 7 (mod 8 ) then h p = h p and there are [h p + l)/2 options for both 0(p,q,r,m) and 
0'(p, q, r', m'). 






















j-IN VARIANTS OF CM-ELLIPTIC CURVES OVER Z p 


5 


• If p = 3 (mod 8) then h p = 3 h p and there are ( h p + l)/2 options for O'(p, q,r',m') and 
(h p + l)/2 options for 0'(p,q,r',m'). 

• If p = 1 (mod 4) there are h p /2 options for Ofp, q, r, m). 

Combining the above allows us to compute the number of F p rational supersingular values in terms 
of h p . 

More generally, if we fix K = Q(\/—D) a quadratic imaginary field of discriminant —D and class 
number h k■ Fix an order O = Z + fO k and write f = n q’ 1 The class number of O is given by: 

ho = eh K (qi - (^- j ^ 


where e = 1 unless D = —3 or D = —4. 

If D = —3 and the formula above is divisible by 3 then e = If D = —4 and the formula above 
is divisible by 2 then e = 

Theorem 2.15 (Halter-Koch). If n is the number of prime divisors of Df then: 


\C£(0)[2]\ 


V" 1 Df odd 
2 n ~ 2 2\\Df 

< 2 n ~ 1 A\\Df 
2 n ~ l 8||Df 
2 n 16|Df 


More precisely, the ring class field of O contains: 


Q 



where q is an odd prime factor of Df. 

If D = —8m then the ring class field of O contains: 

If D = 4 (mod 8) and 4|f then the ring class field of O contains: 

Q(v^) • 

If D is odd, and 8|f then the ring class field of O contains: 

If D = 4 (mod 8), or 2\f and 2\D, or D is odd and 4|f then the ring class field of O contains: 

The above fields generate the genus field F, moreover, this is thee maximal subextension of the 
ring class field of O generated by quadratic extensions. 


See [SchlOl Thm 6.1.4]. 
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3. Results 


In this section we will present our main theorems. These are primarily structured to address the 
entries in the data which we present in the Appendix. 

We will begin by looking at certain conditions on O under which there can be no elliptic curves 
over Z p which admit CM by O. These first results can naturally be viewed as generalizations of 
those of |Morl4] and |Stal2| which can be interpreted as giving the conditions on the odd prime 
factors of the discriminants. 


Theorem 3.1. Fix K = Q(V~~D) of discriminant —D. Fix an order O = Z + f Ok of conductor 
f E Z and suppose that ^ ^ = — 1. There are no elliptic curves over Z p which admit CM by O 
if any of the following occur: 


• there is an odd prime factor q of Df with 



= -1 


• p = 1 (mod 4) and 16|Hf 2 . 

• p = 3 (mod 8) and 8|Z). 

• p = 3 (mod 8) and 64\Df 2 

Otherwise there are exactly |CT(0)[2]| j-invariants for elliptic curves over Z p which 


O. 


admit CM by 


Remark 3.2. The condition that there is an odd prime factor q of D with ( —— ) = — 1 implies 

V Q J 

in particular that the quaternion algebra (— p, —D) is ramified at q. Though this can be used to 
justify the condition for those q\D, we will not follow this strategy of proof, rather we give a proof 
which has a more natural connection to class field theory. 

The condition on odd primes cannot be extended to even primes by use of the Kronecker symbol, 
the dependence on the behaviour at 2 is more subtle. 


In order to prove the result we shall make use of a few lemmas. 

Lemma 3.3. Fix K = Q(y/—D) of discriminant —D. Fix an order O = Z + f Ok and suppose that 
^ L p ) = —1- The polynomial Pq{X) has a linear factor over Z p if and only if N = Q(j(0)) has 
no quadratic subextension in which p is inert. 


Proof. If there is a quadratic subextension of N which is inert at p, then all factors of p in N have 
inertial degree 2, and thus there can be no linear factors. 

Conversely, suppose every factor of p in N has inertial degree 2. let p be a prime of L over p and 
let a be a generator for the decomposition group of p and let r be a generator of Ga\(L/N). Then 

• a is 2-indivisible (a ^ x ■ x for any x) with exact order 2, because this is true of Frob p . 

• a and r are not conjugate, since if r were a conjugate of Frob p the field N = L T would have 
a non-inert prime. 

• a and r commute since a has order 2. 

• err is in Gal{L/K) as they both act non-trivially on K. 

• It follows from the above, and the basic structure of dihedral groups, that err is indivisible 
with exact order 2. 

Thus we may write: 

Gal (L/K) = (ur) x H 

and thus 

Gal(L/Q) = (a) x {H x (r)). 

We see that G = (H x (r)) is a normal subgroup of Gal(L/Q), moreover, the field L G is an inert 
quadratic subextension of N. □ 
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Lemma 3.4. The maximal subextension of N generated by quadratic extensions is the totally real 
subfield M of F the genus field of L. 

Proof. It suffices to show that N has a real embedding since any composite of quadratic extensions 
is either totally complex or totally real. 

To see this we use the fact that: 

j(a) =j(a). 

It is thus sufficient to find a such that a = a, but indeed we may simply take a = O. □ 


proof of Theorem \S.1\ The idea of the proof is to show that p is inert in a quadratic subextension 
of the totally real subfield N of F if and only if one of the conditions of the theorem holds. 

To show this we must find a subextension of N defined by adjoining the square root of a positive 
integer which is not a square modulo p, in each of the following cases we describe how to find such 
a non-square. Note that if q = 3 (mod 4) then \JDq € N whereas if q = 1 (mod 4) then yjq £ N. 


Consider the case where p = 1 (mod 4) and 4|| D. In this case there exists odd prime factor 
q' of D with ( —— ] = — 1. Moreover, D has a factor q such that both Fq are not squares 

V d J 

mod p. 


~P 


Suppose there is an odd prime factor q of Df with — = — 1. 

\ Q J 

— if q = p = 3 (mod 4) we obtain ( — j = — 1 and thus Dq is not a square mod p. 

\Pj 

V 


if q = 3 (mod 4), p = 1 (mod 4) and 2 J(D we obtain 
square mod p. 


p 


= 1 and thus Dq is not a 


— if q = 1 (mod 4) we obtain ( - ) = — 1 and thus q and is not a square mod p. 

\PJ 

• Suppose p = 3 (mod 8) and 8| D and D /8 = 3 (mod 4) then D has a factor d congruent to 
3 (mod 4) which is not a square mod p. 

• Suppose p = 3 (mod 8) and 8 |D and D /8 = 1 (mod 4) then 2 is not a square mod p. 

• Suppose p = 3 (mod 8) and 64|Df 2 then 2 is not a square mod p. 

• Suppose p = 1 (mod 4) and 16|Df 2 then D has a factor q such that both Fq are not square 

mod p. 


The above covers all of the cases of the theorem. 

To prove the converse we remark that if p is inert in N it is inert in a quadratic subextension of 
one of the following types: 

• Q(y/o) where q\fD or 

• Q(y/qiQ 2 ) where both qi,q 2 = 3 (mod 4) and q\q 2 \fD. 

as such fields generate the genus field of N. Completing the proof follows a similar case analysis to 
the above. □ 


We now shift to discussing a phenomenon whereby certain F p reductions are disallowed based on 
the ramification behavior of 2. 

Remark 3.5. In the following theorem we will be distinguishing the supersingular j-invariants in 
F p by identifying them as roots of P z[y ^(X) or P z[(1+v ^ )/2] (X). 

To understand the significance we recall the theorems above of Ibukiyama which asserted that this 
naturally divides the supersingular values into two almost disjoint sets. More precisely, by |Elk87| 
and [Kan89j we have that for p = 3 (mod 4) these polynomials factor as (.X — 1728) n*(^ — a i ) 2 
whereas for p = 1 (mod 4) the factorization is J^f,(X — af) 2 . In each case the a* are distinct in 
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F p . Furthermore, in the case p = 3 (mod 4) the ctj for Pj,[^~j>\ (X) are distinct from those for 
P z[(i+y/=p)/ 2 ]( x )- The polynomial for y/^2 is precisely P Z [^ 2 \{X) = X - 8000. 

Theorem 3.6. Fix K = Q(y/—D) of discriminant —D. Fix an order O = Z + f Ok of conductor 
f £ Z and suppose that ^ = — 1. Let j be a Z p root of Pq{X). 

• Suppose p = 7 (mod 8) 

— If 2 is unramified in K and 2 ff then j is a root of P Z \^—^{X). 

— If 2 is unramified in K and 2|f but 8 /f then j is a root o/-fW:i+./=p)/ 2 ] PO ■ 

— If 2 is unramified in K and 8|f then j is a root of P Z [^^(X) or Pzui+^p)/ 2 ){X). 

— If 2 is tamely ramified in K and 2 /|f or 4|f then j is a root of 0 or 

p z[(i+^=£)/ 2 ](X). 

— If 2 is tamely ramified in K and 2||f then j is a root o/^ ? z[( 1 + % /=p)/ 2 ]( X). 

— If 2 is wildly ramified in K and 2 /f then j is a root of P^ l+./=^)/ 2 ] PO ■ 

— If 2 is wildly ramified in K and 2 1 f then j is a root of P^^zi^(X) or -Pz[(i+-/=p)/ 2 ] PO ■ 

• Suppose p = 3 (mod 8) 

— If 2 is unramified in K and 2 ff or 4||f then j is a root of P Z ^^^(X). 

— If 2 is unramified in K and 2||f then j is a root of ^z[( 1 + v / =p)/ 2 ] {X). 

— If 2 is unramified in K and 8|f then there are no linear terms. 

— If 2 is tamely ramified in K and 2 ff then j is a root of Pz[y/^\{X) or ^z[(i+ v /= p)/ 2 ](^)- 
— If 2 is tamely ramified in K and 2||f then j is a root of P z r^—^(X). 

— If 2 is tamely ramified in K and 4|f then there are no linear terms. 

— If 2 is wildly ramified in K then there are no linear terms. 

• Suppose p = 1 (mod 4) 

— If 2 is unramified in K and 4 /f then j is a root of P Z ^^^(X). 

— If 2 is unramified in K and 4|f then there are no linear terms. 

— If 2 is tamely ramified then there are no linear terms. 

— If 2 is wildly ramified in K and 2 /f then j is a root of P Z ^^^(X). 

— If 2 is wildly ramified in K and 2\f then there are no linear terms. 

Notation 3.7. Given that any quaternion algebra A is equipped with a canonical bilinear form, 
given an element a £ A we shall denote by a the collection of all elements in A perpendicular to 
a , that is elements x £ A with Tiy ax) = 0. 

Similarly, given a subspace such as O C A, we shall denote O 1 , the complementary subspace of 
A with respect to this pairing. 

To prove this we will make use of the following lemma. 

Lemma 3.8. If E is an elliptic curve overZ p which admits CM by O which corresponds to a datum 
(O C B) then the Galois Frobenius Frob p acting on E(Q p ) over Z p induces the endomorphism 

Frobenius Frob p of E. Moreover we have: 

• Frobp, the Galois action of Frobenius on E, acts on O by x t-Cx. 

• Frobp, the endomorphism of E, satisfies Frob p x = xFrobp for x £ O. 

• Frobp, the Galois action of Frobenius on E, commutes with O. 

• Frobp , the endomorphism of E, satisfies Frobp = —p. 

In particular Frobp £ O^ is an element of norm p. 

See [SchlO] , 

proof of Theorem \3. (A We must show, using Ibukiyama’s classification of maximal orders containing 
y/-p, that the only CM-orders in a -1- are those satisfying the conditions of the theorem. 
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We note that in selecting the values of q, r and m we may assume by replacing r by r + aq that 
8|r. With this assumption we have that pq = m (mod 8). When selecting q. r' and m! we must 
have that r' is odd, when p = 3 (mod 8) this then implies that m is odd. 

We observe the following important facts about a^ in the various cases: 

(1) For the maximal orders of the form 0'(p,q,r',m') we have that a 2 - contains no elements 
with odd trace. 

(2) For the maximal orders of the form O'(p, q,r',m') we have that all primitive elements of 
r L\ y J—p\- L are of the form: 


VP + 


__ (r' + a)/3 
Z 2 q 


for some choice of y and z coprime. 
The square of such an element is: 


— y 2 q — z 2 m — yzr'. 


Notice that if p = 3 (mod 8) this cannot be even. 

(3) For the maximal orders of the form 0(p, q, r, m) we have that all primitive elements of odd 
trace in Z [\f—p\' L are of the form: 


yp + z 


(r + a)/3 
Q 


for some choice of y and z coprime, with z odd. 
The square of such an element is: 

n o 

—y q — z m — 2 yzr 


modulo 8 this becomes: 

-q(y 2 - z 2 p). 

Notice that if this is odd, then y is even and —q(y 2 — z 2 p) = pq (mod 8). Also, if it is even 
then y and z are both odd and it is divisible by (1 — p)\ — q{y 2 — z 2 p). 

By considering each of the cases of the theorem, the above allows us to conclude the result. □ 


Proposition 3.9. Suppose there exists 7L\\J~D\ = Oca 1 , then Pq(X) has Z p roots. 
Proof. By the above argument we note that O C a 1 - implies the existence of a solution to: 
y 2 q + z 2 m + 2 yzr = D or y 2 q + z 2 m + yzr' = D. 


In the first case, multiplying by q we obtain: 

qD = y 2 q 2 + z 2 (p + r 2 ) + 2 yzrq = z 2 p + (yq + rz) 2 . 

reducing modulo 8 and modulo all the odd prime factors of D the result then follows from Theorem 
l3Tl In the second case, multiplying by 4 q we obtain: 

4 qD = Ay 2 q 2 + z 2 (p + r 2 ) + 2 yzrq = z 2 p + (2 yq + rz) 2 

and the result follows similarly. □ 


Remark 3.10. Note that the above does not actually prove the converse to Lemma 13.81 though it 
would provide for an alternate proof for one direction of Theorem 13.11 


We now explain the phenomenon where in specific circumstances certain F p reductions always 
occur with the same frequency. Based on [CV07I we should expect that this is caused by systematic 
collections of isogenies (coming from Hecke relations), and in our case we should expect 2-isogenies 
to play a role. The results here have a similar flavor to those of |BM04l pp. 95-96] where they 
consider similar questions questions related to the orders Z [\f—p\ and Z[ 1+ ~^~^ ]. 
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Lemma 3.11. If yfqfi E cr 1 then O — 0(p,q2,r,m ) or 0(p, q 2 , r', ml) for some choice of r,m or 
r', m!. 

Proof. By [Ibu82l Prop 2.1 and Rmk 2.2] the conditions: 

QiQ 2 = z 2 P + (yqi + rz ) 2 or 4gig 2 = z 2 p + (2yqi + rz ) 2 
imply that q\ and q 2 satisfy 

0(p, gi,n,mi) ~ 0 (p,q 2 ,r 2 ,rri 2 ) or respectively 0'(p, qi, r[, m[) ~ 0 '(p, q 2 , r’ 2 , m' 2 ). 

The results then follow from the proof of Proposition 13.91 □ 

Lemma 3.12. Fix p = 3 (mod 4). Fix K = Q(y/~D) of discriminant —D. Fix an order O = 
Tj + fOx and suppose that ^ = — 1. Suppose further that 2 is tamely ramified in K but 2 does 

not divide f. 

Suppose that O is optimally embedded in 0{p,q,r,m) and contained in a 2 -. Let a 2 = (2) in 
O. Then aO{p,q,r,m)cT l — 0'(p,q,r',m') is a maximal order with an optimal embedding of 
O. Consequently, if E is an elliptic curve over hp which admits CM by O whose reduction has 
endomorphism ring 0(p,q,r,m), then the reduction ofa*E has endomorphism ring O' (p, q,r' ,m') 
with the exact same choice of q. 

Conversely, if E is an elliptic curve over Z p which admits CM by O whose reduction has endo¬ 
morphism ring 0\p,q,r' ,m'), then the reduction of a* E has endomorphism ring 0(p, q,r,m) for 
some q such that 0'(p, q, r', ml) — 0'(p , q, r\ rh'). 

Proof. Let O = Z[y = y/qf]. It suffices to show that aO(p, q, r, m)a~ 1 contains both 4^ and j3. 

We note that a = (2, 1 + 7 ) and a -1 = (1, 4^). It follows immediately that /3 € a 0(p, qi,r, m)a -1 . 
Now we may write 7 = y/3 + z i: ^/3 with y and r even and z odd. Now, by observing that we 
may write (4±s) as: 

(4 + 7 ) (jz(-zm + ry + 1 ) + {zm + ry) ~ |(yg + zr) 

and that this quantity is an element of aO{p,q,r,m)aT l we conclude by Lemma 13.111 that 

a 0(p,q,r,m)cT l — O’(p, q,r',mf). 

Now suppose we start with O optimal in 0'(p,q,r',m.'). Attempting to reverse the above calcu¬ 
lation cannot work in general as we no longer have r and m but r' and ml. However, we observe 
that: 

((!+7) (—j-) (“ir 9 - (~x“) a ) € a 0 '( p ' q - r 'i m ') a ~ l 

is perpendicular to a and has odd trace. Hence, aO'(p, q, r', — 0(p,q,r,rh). The result now 

follows. □ 

Remark 3.13. Note, that we could not simply run the first part of the above argument in the 
opposite direction to go from 0'(p,q,r',m /) to 0(p,q,r,m), in particular this would be impossible 
in any case where the class groups which classify 0'(p , q, r 1 , m!) and 0(p, q, r, m) are not in bijection. 

Theorem 3.14. Fix p = 3 (mod 4). Fix K = Q(^/—D) of discriminant —D. Fix an order 
O = Z + fO k and suppose that ^ = — 1 . Suppose further that 2 is tamely ramified in K but 

2 does not divide f. 

It we consider the set of supersingular values of¥ p except 1728, each j-invariant J has a partner 
J such that, the frequency of the appearance of X — J and X — J as the reduction of irreducible 
linear factors of Pq(X) modulo p is the same. 
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Proof. We first observe that if E is defined over Z p then so too is a* E. This follows by observing 
that the collection of endomorphisms in a is Galois stable. Moreover, in the case p = 3 (mod 4) the 
map from 0(p, q, r, m) to 0'(p, q, r\ rrt!) being injective implies it is bijective as the collections have 
the same size. 

By Lemma 13.121 it now follows that 0(p, q,r,m) and 0'(p,q,r',m') must occur with the same 
frequency. 

We note that j-invariant 1728 is the only one that can ever be identified with itself through this 
process, and in fact it must, because the class group has odd order. □ 

Remark 3.15. For p = 3 (mod 4) we obtain other less obvious relationships between the counts 
for maximal orders of type O' and of type O arising from the fact that the map is generically 3:1. 
In particular, in general the frequency for those of type O' is the sum of the frequencies of a specific 
collection of three of orders of type O. We note that there will be a curve which is 2-isogenous to 
the one with j-invariant 1728. 

We should point out that the F p points of the 2-torsion is well understood, that there is a unique 
F p rational 2-torsion point is suggestive of the above results, but does not show that the association 
is between 0(p,q,r,m) and 0'(p,q,r',m') and certainly not that it ‘respects q\ 

Theorem 3.16. Fix p = 1 (mod 4). Fix K = Q(y/—D) of discriminant —D. Fix an order 
O = Z + fOx and suppose that ^ j = — 1. Suppose further that 2 is wildly ramified in K but 2 
does not divide f. 

It we consider the set of supersingular values of F p , each j-invariant J has a partner J such that, 
the frequency of the appearance of X — J and X — J as the reduction of irreducible linear factors of 
Pq{X) modulo p is the same. 

This partner J is independent of K and O and depends only on p. 

Proof. Set a 2 = (2) in O. In this case we have a = (2, 7 ) and a -1 = (1, ^ 7 ). As in the previous 
case, we must only show that aO(p, q, r, m)aT l is independent of O. 

Now set b 2 = (2) in Z [y/—p\. We have that b = (2,1 + a). 

We recall that we have 7 = y(3 + z^-^-(3 = |(yq + zr + za)/3 with r even and both y and z odd. 
We claim that (1 + a) € aO(p, q,r,m). Indeed, as j3 € 0(p,q,r,m) we have yq + zr + za = 
7 (3 € aO(p,q,r,m). Since 2 £ a the claim then follows immediately. Conversely, it is clear that 
(77 € bO(p, q,r,m). As q is odd, and 2 e b we also have that 7 € bO(p,q,r,m). We thus have 
shown that aO(p,q,r,m) = bO(p,q,r,m). 

It follows that aO(p, q, r, m)cT l = bO(p, q,r,m)b~ 1 is independent of O. □ 

Remark 3.17. In this case the uniqueness of the F p -rational 2-torsion points is sufficient to conclude 
the result. 


4. Further Questions 

Our results suggest the following natural questions: 

Question 1 . In Theorem 13.61 we gave necessary conditions for a datum (O C B) to correspond to 
an elliptic curve over Z p . Moreover, Proposition 13.91 gives the impression that this may be sufficient. 
It is natural to ask, if these conditions are in fact sufficient. 

(a) More precisely, given an elliptic curve over F p , and an endomorphism (defined over some 
extension) when can we lift the curve to Z p such that the endomorphism lifts to some 
extension? 

(b) Is it sufficient that the endomorphism be perpendicular to Frobenious in the endomorphism 
algebra over F p ? 
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An answer to this question would shed light on the structure of the ring Z[j(A]).... ,j(E n )\ as 
remarked in the introduction. 

Question 2. Theorems 13.141 and 13.161 give situations in which there are automatic relationships 
between certain roots of Pq(X). As remarked a similar result holds for the same reason when p = 3 
(mod 8). 

(a) It is natural to ask if there are other situations in such relationships must exist? In particular 
are there situations where the role of 2 can be replaced by some other prime? 

(b) The method of proof also suggests that we could anticipate relations between the roots of 
Po(X) between two different orders in the same field whose conductors differ by a factor of 
2. Can the combinatorics of this be made more precise? 
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Appendix A. Data 

In this section we will present a representative sample of the data, which forms the basis for how 
we discovered the theorems. Similar computations have been done for all p up to 1000. All of these 
computation were performed in SAGE. Data not contained can be obtained from the author. 

In all the data which follows, the frequencies presented represent the total number of times each 
factor appears as the reduction modulo p of an irreducible factor of Pq(X) over Zp for one of 
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the orders under consideration. We will consider several families of orders, but in all cases we are 
considering all orders in the described class with class numbers strictly less than 40 (and discriminant 
of the base field less than 10 million, noting that there are no fields of class number less than 100 
with discriminant between 3 and 10 million). 

Made precise, the appearance of the 199 in the first table indicates that there are exactly 199 
different j-invariants congruent to 0 mod 71 for elliptic curves over Z 71 which admit CM by the 
maximal order of a quadratic imaginary field with odd class number less than 40 (and discriminant 
less than 10 million) in which 71 is inert. The 1 in the first table indicates that there is a unique 
j-invariant over Z 71 congruent to —23 modulo 71 for which the associated elliptic curve admits 
CM by the maximal order of a quadratic imaginary field with odd class number less than 40 (and 
discriminant less than 10 million) in which 71 is inert. We remark that this unique j-invariant is 
that of the curve which admits CM by Z[-\/— 2]. 

We should remark that ordering by class number is not ideal, in particular this appears to change 
the relative frequency of various congruence conditions. Heuristically this can be explained for 
example by noticing that if 2 ramifies, this will tend to double the size of the class group, whereas if 
2 splits this will tend to make it much larger. That is the splitting and ramification of small primes 
tends to impact the size of the class group as it is precisely these primes which, by Minkowski 
theory, will be the generators. Moreover, adding factors of 2 to the conductor will typically double 
(or triple) the class number. The effect is that in the data which follows you should not try to 
compare data between columns without adjusting for the bias caused by the class number cutoffs. 

We should note, it is entirely possible that the skew the class number ordering creates in the 
data is the only reason we were able to originally identify any of the underlying phenomenon we 
have discussed. In particular, considering parity conditions on the class number is likely entirely 
unnatural. 

A.l. Data for p = 71. This data is typical for p = 7 (mod 8 ), the choices of 5 and 7 are arbitrary 
but demonstrate contrasting behaviour. 


All Orders Inert at p = 71 subject to conditions on discriminants/conductors. . 



All 

All 

2 Kd 

2 /f 

2 j(D 

2| If 

2 j(D 

4||f 

2 j(D 

8||f 

2 Xd 
161 f 

4||£> 
2 Xf 

4||D 

2| If 

M\D 
4| If 

00 

4||Z> 

16|f 

8||U 
2 Xf 

8|| D 
211 f 

8|| D 

4||f 

8|l D 
811 f 

8|l D 
16|f 

7|Df 

7 Xd f 

X 

1109 

806 

- 

- 

18 

5 

158 

- 

17 

4 

3 

- 

73 

16 

5 

4 

- 

1109 

x + 5 

1123 

817 

- 

- 

20 

5 

152 

- 

16 

6 

3 

- 

74 

22 

6 

2 

- 

1123 

x + 23 

941 

- 

173 

82 

14 

5 

152 

75 

17 

4 

2 

314 

73 

21 

6 

3 

- 

941 

x 30 

1126 

811 

- 

- 

22 

8 

161 

- 

11 

6 

3 

- 

74 

23 

4 

3 

- 

1126 

x + 31 

967 

- 

176 

94 

26 

6 

158 

77 

11 

6 

3 

303 

75 

23 

6 

3 

- 

967 

x + 47 

1027 

408 

86 

48 

14 

6 

143 

39 

17 

6 

4 

155 

74 

22 

3 

2 

- 

1027 

x + 54 

934 

- 

169 

86 

18 

5 

161 

66 

17 

6 

4 

301 

79 

15 

4 

3 

- 

934 

z 2 

2981 

1572 

432 

101 

19 

3 

298 

90 

12 

4 

4 

378 

47 

19 

- 

2 

467 

2514 

(x + 5) 2 

10258 

5675 

1293 

310 

70 

11 

1078 

267 

55 

16 

16 

1164 

207 

72 

8 

16 

1447 

8811 

O + 23) 2 

10375 

6106 

1194 

278 

65 

9 

1086 

229 

60 

15 

14 

1009 

219 

63 

11 

17 

1427 

8948 

(x + 30) 2 

10214 

5661 

1292 

304 

56 

11 

1068 

271 

60 

15 

12 

1159 

208 

69 

14 

14 

1418 

8796 

0 + 31) 2 

10283 

6052 

1213 

251 

62 

16 

1062 

236 

61 

20 

12 

1001 

207 

73 

7 

10 

1414 

8869 

O + 47) 2 

4833 

2787 

598 

134 

28 

4 

499 

118 

26 

11 

6 

509 

78 

28 

- 

7 

721 

4112 

(x + 54) 2 

10255 

6042 

1187 

258 

56 

14 

1065 

235 

54 

14 

17 

1001 

218 

71 

11 

12 

1450 

8805 


A.2. Data for p = 59. This data is typical for p = 3 (mod 8 ). 


All Orders Inert at p = 59 subject to conditions on discriminants/conductors. 



All 

All 

2 XD 

2 Xf 

2 XD 
2| If 

2 XD 
4| If 

2 XD 
8| If 

2 XD 
161 f 

4|| D 

2 Xf 

4|| D 
2| If 

4|| D 
4| If 

4||£> 

8||f 

4||D 

16|f 

Q2? 

00 C'l 

8||£> 
2| If 

<3 A 
00 

8||A> 

8||f 

8||U 

16|f 

X 

1245 

896 

- 

92 

- 

- 

172 

85 

- 

- 

- 

- 

- 

- 

- 

- 

x + 11 

1241 

890 

- 

98 

- 

- 

173 

80 

- 

- 

- 

- 

- 

- 

- 

- 

x + 12 

1236 

890 

- 

97 

- 

- 

167 

82 

- 

- 

- 

- 

- 

- 

- 

- 

x + 31 

1224 

870 

- 

91 

- 

- 

172 

91 

- 

- 

- 

- 

- 

- 

- 

- 

x + 42 

1146 

440 

285 

40 

- 

- 

336 

45 

- 

- 

- 

- 

- 

- 

- 

- 

x + 44 

1060 

- 

549 

- 

- 

- 

511 

- 

- 

- 

- 

- 

- 

- 

- 

- 

{x + llf 

12375 

6855 

1574 

325 

103 

29 

1269 

299 

85 

28 

16 

1389 

297 

92 

12 

2 

(x + 12) 2 

12241 

6818 

1537 

319 

98 

27 

1229 

293 

84 

35 

18 

1371 

306 

93 

10 

3 

(x + 31) 2 

12274 

6844 

1544 

324 

90 

27 

1250 

282 

83 

43 

14 

1381 

292 

83 

12 

5 

(x + 42) 2 

5910 

3429 

632 

160 

50 

13 

511 

144 

39 

18 

8 

701 

145 

52 

6 

2 

(x + 44) 2 

12360 

7250 

1264 

381 

114 

29 

1066 

329 

80 

32 

14 

1399 

300 

87 

12 

3 

x 2 

3692 

1983 

512 

77 

31 

7 

352 

72 

26 

14 

6 

474 

100 

33 

4 

1 
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A.3. Data for p = 41. This data is typical for p = 1 (mod 4). 


All Orders Inert at p = 41 subject to conditions on discriminants/conductors. . 



All 

All 

2 j(D 

2 /f 

2 Id 
2 If 

2 J/D 
4||f 

2 J/D 
8||f 

2 J/D 
16|f 

4|| D 
2 If 

4|l D 
2| |f 

4|l D 
4| If 

4||D 

8||f 

4||D 

16|f 

8||D 

2 If 

8|l D 
2| If 

8||D 

4||f 

8||D 

8||f 

8| \D 
161 f 

X 

1488 

1055 

222 

- 

- 

- 

- 

- 

- 

- 

- 

211 

- 

- 

- 

- 

x + 9 

1495 

1068 

220 

- 

- 

- 

- 

- 

- 

- 

- 

207 

- 

- 

- 

- 

x + 13 

1491 

1055 

229 

- 

- 

- 

- 

- 

- 

- 

- 

207 

- 

- 

- 

- 

x + 38 

1499 

1065 

223 

- 

- 

- 

- 

- 

- 

- 

- 

211 

- 

- 

- 

- 

x 2 

5583 

3036 

665 

184 

46 

13 

675 

146 

37 

8 

2 

560 

146 

45 

13 

7 

(x + 9) 2 

18184 

10102 

2215 

557 

143 

48 

2014 

454 

117 

37 

3 

1877 

434 

135 

33 

15 

(x + 13) 2 

18218 

10107 

2199 

582 

133 

52 

2001 

444 

123 

37 

3 

1906 

443 

132 

43 

13 

(x + 38) 2 

18173 

10080 

2205 

583 

138 

47 

2015 

432 

131 

38 

8 

1871 

437 

128 

47 

13 


A.4. Key Observations About Data. 

• In all of the data sets the frequency with which the roots appear appears to be equidis- 
tributed subject only to rescaling those j invariants for which the curves have automor¬ 
phisms. 

• The linear terms do not follow the same distribution as the underlying roots. 

• It is not immediately clear if we restrict to maximal orders if the linear terms are equidis- 
tributed overall, however each family based on ramification at 2 appears to be, and if we 
reweigh (to correct bias caused by class number bounds) and regroup it is possible that the 
result is equidistribution. 

• Specifying ramification conditions can have an effect on the presence or absence of linear 
factors. 

• All families where we account for the behaviour at 2 in the discriminant and conductor 
appears to satisfy a simple distribution. 

— The frequency of j-invariants with automorphisms may or may not be effected depend¬ 
ing on the case. 

More specifically j = 0 is never apparently rescaled, whereas j = 1728 may or may not 
be depending on discriminant and conductor. 

— Some ^’-invariants may be favoured despite no extra automorphisms. 

For example, j = —44 for p = 59 when 4||D and 2 does not divide f. 

— For p = 3 (mod 4) there is a partitioning of j-invariants into two sets (with j = 1728 
the common intersection) where the distribution selects for one set or the other based 
on the conditions on discriminants and conductors. 

— For p = 7 (mod 8), 4||D and 2 /f there is an apparent bijection between these two sets 
(excluding 1728) where the frequencies will be identical between the two sets. 

Note: Within the data this actually happens on the level of individual orders. 

— For p = 1 (mod 4), 8\\D and 2 J(f there is an apparent bijection between two sets where 
the frequencies will be identical between the two sets. 

Note: Within the data this actually happens on the level of individual orders. 

• Based on heuristic reasoning on the effect on class number of changing conductors by 2 and 
the apparent patterns and equidistribution in families one can reasonably expect equidistri¬ 
bution of the linear terms in the limit if we consider all conductors in a given held. 

That is, we know the relative sizes of the exceptional sets and the effect on class numbers 
of increasing conductors by factors of 2. 
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